US8699710B2 - Controlled security domains - Google Patents

Controlled security domains Download PDF

Info

Publication number
US8699710B2
US8699710B2 US13/360,337 US201213360337A US8699710B2 US 8699710 B2 US8699710 B2 US 8699710B2 US 201213360337 A US201213360337 A US 201213360337A US 8699710 B2 US8699710 B2 US 8699710B2
Authority
US
United States
Prior art keywords
security
domain
token
series
security domain
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related, expires
Application number
US13/360,337
Other versions
US20120257751A1 (en
Inventor
David Everett
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Loyalty Pays Holdings Corp
Original Assignee
Royal Canadian Mint
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Royal Canadian Mint filed Critical Royal Canadian Mint
Priority to US13/360,337 priority Critical patent/US8699710B2/en
Assigned to ROYAL CANADIAN MINT/MONNAIE ROYALE CANADIENNE reassignment ROYAL CANADIAN MINT/MONNAIE ROYALE CANADIENNE ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: EVERETT, DAVID
Publication of US20120257751A1 publication Critical patent/US20120257751A1/en
Application granted granted Critical
Publication of US8699710B2 publication Critical patent/US8699710B2/en
Assigned to LOYALTY PAYS HOLDINGS CORPORATION reassignment LOYALTY PAYS HOLDINGS CORPORATION ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: ROYAL CANADIAN MINT
Expired - Fee Related legal-status Critical Current
Adjusted expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/0897Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002Countermeasures against attacks on cryptographic mechanisms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/006Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving public key infrastructure [PKI] trust models
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0827Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving distinctive intermediate devices or communication paths
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • H04L9/16Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms the keys or algorithms being changed during operation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]

Definitions

  • the present disclosure relates to a system and methods for controlling security domains within an untrusted environment.
  • an “untrusted environment” shall be understood to mean any communications or networking environment in which it is possible for attackers to modify messages, delete messages or even add or replay messages.
  • the public Internet is a common example of an untrusted environment, since it is not possible to prohibit attackers from modifying, deleting, adding or replaying messages.
  • Cable and Satellite television distribution networks can also be untrusted, to the extent that, once set-top receiver/decoder units are distributed to end-users, they can be “hacked” to enable unauthorized access to programming content.
  • the task of updating keys is simplified, somewhat, by the fact that a user must connect to a secure (trusted) resource at some time.
  • a secure (trusted) resource For example, in a VPN, a remote user must log onto a secure server in order to access the services of the VPN.
  • the user's set-top receiver/decoder unit In Cable and Satellite television distribution networks, the user's set-top receiver/decoder unit must be connected to a secure content server in order to receive programming content. In either case, the connection to the secure resource provides a means by which the age of the security token(s) stored on the user's remote device can be determined, and updated tokens distributed as required.
  • a user might log into a secure resource only infrequently, or never. This type of situation could occur in some electronic commerce systems, for example where a user may interact with other users, but only rarely (if ever) log into a central server of the system. In such cases, date and time information associated with keys stored in a user's device cannot be trusted, and so cannot be used to determine the age of those keys, and the need for updating them. Furthermore, a reliable mechanism for updating a user's keys is lacking.
  • the present disclosure sets out to provide a practical way by which operators of a security system can change the cryptographic parameters of security tokens in such a way that older tokens can be invalidated purely by the issuance of new tokens into circulation, and without reference to date and time information associated with any token(s) currently in use.
  • the operator of the system can arbitrarily choose when to change these parameters, for example depending on the current threats and perceived vulnerabilities.
  • an aspect of the present invention provides a security domain control method includes defining a sequential series of security domains; designating one of the security domains as a current domain; generating a plurality of security tokens under the current security domain, each security token being configured to enable a party to exchange cryptographically secured messages with another party that is holding any one of: a token generated under the current security domain; a token generated under at least one next security domain in the series; and a token generated under at least one previous security domain in the series; and subsequently designating a next one of the security domains in the series as a current domain.
  • FIG. 1 is a block diagram showing a secure system implementing methods in accordance with a representative embodiment of the present invention
  • FIG. 2 is a block diagram illustrating possible message exchange transactions in the system of FIG. 1 ;
  • FIG. 3 is a message flow diagram illustrating a message exchange transaction in the system of FIG. 1 ;
  • FIG. 4 is a block diagram illustrating possible message exchange transactions in a system according to a second embodiment of the present invention.
  • an expiry date associated with security tokens can not be enforced in an untrusted environment, because there is no real-time clock associated with a security token that can be trusted. It would not be acceptable to trust the date and time reference of an uncontrolled terminal (eg. a subscriber's communications device) because of the ease with which such a date and time reference can be modified by a hacker.
  • an uncontrolled terminal eg. a subscriber's communications device
  • the present invention provides a system in which the expiry of old security tokens can be implemented through a process of enforced obsolescence.
  • a service provider generates security tokens in accordance with a sequential series of security domains.
  • Each security domain may be referenced by a domain ID which identifies its location within the series. It is anticipated that each security domain may comprise a respective Certification Authority (CA) for keys issued within that security domain, and respective cryptographic features (including algorithms), either of which may be the same or different from those of other security domains within the series.
  • CA Certification Authority
  • Each security token issued under a given security domain is configured to enable a party to exchange trusted messages with another party who has a security token issued under the same security domain or either of at least the two neighboring security domains within the series.
  • the service provider can implement new security domains as and when they deem to be appropriate.
  • the parties receiving tokens issued under the current security domain are able to exchange trusted messages with parties holding tokens issued under the current domain, the immediately previous domain, and the next domain in the series.
  • This provides interoperability between successive security domains, while at the same time ensuring that the usefulness of tokens issued under older domains progressively diminishes, because parties holding older tokens cannot exchange secure messages with holders of tokens being issued under the current domain.
  • each party has an incentive to update their token(s) to the current security domain to avoid obsolescence and consequent inability to exchange messaging with other parties in the secure system.
  • tokens may be generated and downloaded to subscribers' communications devices, using methods known in the art.
  • the subscribers' token(s) may be updated from time to time, for example when the subscriber uses their token to log into a secure server.
  • tokens may be embedded within physical devices (eg. smart cards, etc.) which are then distributed to users.
  • a service provider may provide a service whereby a subscriber can update the token(s) embedded within their device, or alternatively enable a user to exchange an old device for a new one.
  • FIGS. 1 and 2 illustrate a secure system implementing aspects of the present invention. It will be noted that the illustrated system is based on public key cryptography, but those practiced in the art will understand that the same principles can be applied for the use of symmetric algorithms.
  • a secure system comprises a host server (in this case maintained by a service provider) and a plurality of subscribers (four of which are illustrated), each of which are connected for communications through an un-trusted data network, such as the public internet.
  • the host server maintains a sequential series of security domains, one of which is designated as the “current domain”.
  • each security domain is referenced by a respective domain series ID, and includes a designated Certification Authority (CA) for that security domain, and a Public Key (PK) issued by the designated certification authority for that security domain.
  • CA Certification Authority
  • PK Public Key
  • each security domain in the series could have a different Certification Authority, if desired.
  • the Public Key (PK) issued by the designated certification authority for each security domain in the series must be unique, at least among the security domains in the series.
  • a new token is issued under the designated Current Domain, and includes: a respective unique token ID; respective Secret and Public Keys (SKx and PKx) unique to that token; a token public key certificate issued by the designated CA for that security domain; and the Public Keys [PK(nx)] of the current security domain as well as each of the immediately preceding and succeeding security domains in the series.
  • the token ID may include the domain series ID under which the token has been issued.
  • the public keys [PK(nx)] may be stored in the form of public key certificates.
  • A-D representative subscribers
  • Each of Subscribers A-C hold older tokens which were issued when respective earlier domains of the series were designated as the current domain.
  • Subscriber A has received a token issued under security domain “n 1 ”, which includes the domain series ID (n 1 ); a certificate [Pka by CA(n 1 )] issued by the CA of security domain n 1 ; and the public keys [PK(n 0 ), PK(n 1 ), PK(n 2 )] of security domain n 1 as well as of security domains n 0 and n 2 .
  • Subscriber B has received a token issued under security domain “n 2 ”, which includes the domain series ID (n 2 ); a certificate [Pkb by CA(n 2 )] issued by the CA of security domain n 2 ; and the public keys [PK(n 1 ), PK(n 2 ), PK(n 3 )] of security domain n 2 as well as of security domains n 1 and n 3 .
  • Subscriber C has received a token issued under security domain “n 3 ”, which includes the domain series ID (n 3 ); a certificate [Pkc by CA(n 3 )] issued by the CA of security domain n 3 ; and the public keys [PK(n 2 ), PK(n 3 ), PK(n 4 )] of security domain n 3 as well as of security domains n 2 and n 4 .
  • Subscriber D has received a token issued under security domain “n 4 ” (the designated Current Domain, which includes the domain series ID (n 4 ); a certificate [Pkd by CA(n 4 )] issued by the CA of security domain n 4 ; and the public keys [PK(n 3 ), PK(n 4 ), PK(n 5 )] of security domain n 4 as well as of security domains n 3 and n 5 .
  • security domain “n 4 ” the designated Current Domain, which includes the domain series ID (n 4 ); a certificate [Pkd by CA(n 4 )] issued by the CA of security domain n 4 ; and the public keys [PK(n 3 ), PK(n 4 ), PK(n 5 )] of security domain n 4 as well as of security domains n 3 and n 5 .
  • Subscribers A and B can exchange messages, because the overlapping sets of CA public keys in each token enables Subscriber A's n 1 -domain token to validate messages received from Subscriber B, and Subscriber B's n 2 -domain token can validate messages received from Subscriber A.
  • Subscriber B can exchange messages with both Subscriber A and Subscriber C, again because of the overlapping sets of CA public keys in each subscribers' token.
  • Subscriber C can exchange messages with both Subscriber B and Subscriber D.
  • Subscriber B is unable to exchange messages with Subscriber D
  • Subscriber A is unable to exchange messages with either Subscriber C or Subscriber D.
  • tokens issued under older security domains become progressively less useful, and are ultimately made obsolete.
  • FIG. 3 illustrates a possible message exchange scenario between Subscribers A and B.
  • Subscriber A's communications device sends a challenge message containing an indication of the Domain Series ID of subscriber A's token.
  • the Domain Series ID may comprise part of the Subscriber A's token ID, but this is not essential.
  • Subscriber B's communications device can check the set of public keys contained in its token to determine whether or not it has a public key for Subscriber A's security domain (n 1 ). In this case, the result of this verification check is “yes”, so Subscriber B's communications device returns a corresponding Ack(OK) message to Subscriber A.
  • Subscriber A's communications device Upon receipt of the Ack (OK) message, Subscriber A's communications device can use its token to generate and send a cryptographically secured message, including Subscriber A's certificate to Subscribers B. Upon receipt of the secured message, Subscriber B's communications device can use its token to obtain the public key (PK(n 1 )] of Subscriber A's security domain and verify the certificate contained in the received message.
  • PK(n 1 ) public key
  • the token ID can be designed to include the domain series ID of the domain under which the token was issued.
  • the token ID may be formatted as a 15-bit data field, of which the first 11 bits uniquely identify the token, and the trailing 4 bits comprise the domain series ID.
  • Other suitable formats will be readily apparent to those of ordinary skill in the art, and may be used as desired.
  • Embedding the domain series ID into the token ID in this manner offers an advantage in that it is not necessary for the receiving party (subscriber B in the above example) to send a challenge message to the sending party, as described above with reference to FIG. 3 . All that is required is that the sending party know the token ID of the intended recipient. This information may be passed to the sending party by any of a variety of means, and so avoids the need for a real time connection between the two parties, implicit in a challenge/response transaction.
  • FIG. 4 illustrates an alternative embodiment in which each new token issued under a given Current Domain includes: respective Secret and Public Keys (SKx and PKx) unique to that token; a certificate issued by the designated CA for that security domain; and the Public Keys [PK(nx)] of the current security domain, the next security domain and both of the previous two security domains.
  • Subscriber C's token includes the domain series ID (n 3 ); a certificate [Pkc by CA(n 3 )] issued by the CA of security domain n 3 as in the embodiment of FIGS.
  • Subscriber D's token has the domain series ID (n 4 ); a certificate [Pkd by CA(n 4 )] issued by the CA of security domain n 4 , as in the embodiment of FIGS. 1 and 2 ; but now has four public keys [PK(n 2 ), PK(n 3 ), PK(n 4 ), PK(n 5 )] of security domains n 2 -n 5 .
  • Subscriber A is able to send messages to Subscriber C because Subscriber C's token includes the Public Key [PK(n 1 )] of Subscriber A's security domain, but Subscriber A is not able to receive messages from of Subscriber C, because Subscriber A's token does not contain the Public Key [PK(n 3 )] of Subscriber C's security domain and so cannot recognize Subscriber C's certificate.
  • Subscriber B is able to send messages to Subscriber D, but cannot receive messages from Subscriber D. This arrangement is useful in that it provides a more progressive degradation in the usefulness of older tokens, because parties holding older tokens experience a reduced ability to communicate with parties holding tokens issued under the current security domain, rather than being cut off completely.
  • a user's security token(s) may be updated by replacing their old token(s) with a new token issued under the current security domain.
  • a service provider may choose to update security tokens under the current domain; that is, without implementing the next security domain in the series.
  • the user's security token may be modified by adding or deleting CA public keys, and thereby alter the ability of the user to exchange trusted messaging with users holding tokens issued under other security domains.
  • the firmware controlling the processor 10 may be configured to pass token updates to other tokens.
  • a user's security token may be updated or modified without changing the security domain.
  • the processor's firmware may operate to communicate information regarding the change to other tokens having the same domain series ID, for example in an encrypted field embedded within content transfer messages.
  • the processor 10 may decrypt the field to extract the token change information, and, if appropriate, update the content of its own token accordingly.

Abstract

A security domain control method includes defining a sequential series of security domains; designating one of the security domains as a current domain; generating a plurality of security tokens under the current security domain, each security token being configured to enable a party to exchange cryptographically secured messages with another party that is holding any one of: a token generated under the current security domain; a token generated under at least one next security domain in the series; and a token generated under at least one previous security domain in the series; and subsequently designating a next one of the security domains in the series as a current domain.

Description

CROSS-REFERENCE TO RELATED APPLICATIONS
This application is based on, and claims benefit of, U.S. provisional patent application No. 61/437,147 filed Jan. 28, 2011, the entire content of which is hereby incorporated herein by reference.
MICROFICHE APPENDIX
Not Applicable.
TECHNICAL FIELD
The present disclosure relates to a system and methods for controlling security domains within an untrusted environment.
BACKGROUND
For the purpose of the present description, an “untrusted environment” shall be understood to mean any communications or networking environment in which it is possible for attackers to modify messages, delete messages or even add or replay messages. The public Internet is a common example of an untrusted environment, since it is not possible to prohibit attackers from modifying, deleting, adding or replaying messages. Cable and Satellite television distribution networks can also be untrusted, to the extent that, once set-top receiver/decoder units are distributed to end-users, they can be “hacked” to enable unauthorized access to programming content.
In order to enable secure communications in an untrusted environment it is usual to apply cryptographic algorithms and mechanisms to detect that a message is invalid for one or more of the previous reasons. Such cryptographic techniques require the participants to be in possession of the appropriate cryptographic keys. It is common for service providers or operators to implement a security domain in which a set of cryptographic keys are distributed to authorized parties. These keys can then be used to facilitate secure communications between those parties. For example, in Cable and Satellite television distribution networks, it is common practice for operators to encrypt their programming content using a private cryptographic key. The complementary public key is distributed to authorized subscribers as a security token, which enables users to decrypt and view the programming content. Private/public keys are also commonly used to implement a security domains (for example in the form of virtual private networks (VPNs)) in the public Internet.
It is well known that in a cryptographic security system of the type described above, it is necessary to update the keys (and frequently also the algorithms) in a timely fashion to ensure that the security of the system is preserved from advances made by the hacker fraternity. In general the operators of a security system may choose to change the keys and perhaps even increase their size at regular intervals. In some security systems it may even be desirable to change the algorithm. This is a common problem for example with Satellite TV conditional access systems which are a prime target for hackers.
The problem for the operator is that the overheads and risks of regularly changing the cryptographic components may be unacceptable and they may be persuaded to allow a longer period between key changes than is desirable. The complexity of such key management systems is well known.
In some systems (such as VPNs and Satellite television distribution networks) the task of updating keys is simplified, somewhat, by the fact that a user must connect to a secure (trusted) resource at some time. For example, in a VPN, a remote user must log onto a secure server in order to access the services of the VPN. In Cable and Satellite television distribution networks, the user's set-top receiver/decoder unit must be connected to a secure content server in order to receive programming content. In either case, the connection to the secure resource provides a means by which the age of the security token(s) stored on the user's remote device can be determined, and updated tokens distributed as required.
However, in some systems, a user might log into a secure resource only infrequently, or never. This type of situation could occur in some electronic commerce systems, for example where a user may interact with other users, but only rarely (if ever) log into a central server of the system. In such cases, date and time information associated with keys stored in a user's device cannot be trusted, and so cannot be used to determine the age of those keys, and the need for updating them. Furthermore, a reliable mechanism for updating a user's keys is lacking.
SUMMARY
The present disclosure sets out to provide a practical way by which operators of a security system can change the cryptographic parameters of security tokens in such a way that older tokens can be invalidated purely by the issuance of new tokens into circulation, and without reference to date and time information associated with any token(s) currently in use. The operator of the system can arbitrarily choose when to change these parameters, for example depending on the current threats and perceived vulnerabilities.
Accordingly, an aspect of the present invention provides a security domain control method includes defining a sequential series of security domains; designating one of the security domains as a current domain; generating a plurality of security tokens under the current security domain, each security token being configured to enable a party to exchange cryptographically secured messages with another party that is holding any one of: a token generated under the current security domain; a token generated under at least one next security domain in the series; and a token generated under at least one previous security domain in the series; and subsequently designating a next one of the security domains in the series as a current domain.
BRIEF DESCRIPTION OF THE DRAWINGS
Further features and advantages of the present invention will become apparent from the following detailed description, taken in combination with the appended drawings, in which:
FIG. 1 is a block diagram showing a secure system implementing methods in accordance with a representative embodiment of the present invention;
FIG. 2 is a block diagram illustrating possible message exchange transactions in the system of FIG. 1;
FIG. 3 is a message flow diagram illustrating a message exchange transaction in the system of FIG. 1; and
FIG. 4 is a block diagram illustrating possible message exchange transactions in a system according to a second embodiment of the present invention.
It will be noted that throughout the appended drawings, like features are identified by like reference numerals.
DETAILED DESCRIPTION
For the purposes of the present disclosure, it is envisaged that an expiry date associated with security tokens can not be enforced in an untrusted environment, because there is no real-time clock associated with a security token that can be trusted. It would not be acceptable to trust the date and time reference of an uncontrolled terminal (eg. a subscriber's communications device) because of the ease with which such a date and time reference can be modified by a hacker.
The present invention provides a system in which the expiry of old security tokens can be implemented through a process of enforced obsolescence.
Accordingly, a service provider generates security tokens in accordance with a sequential series of security domains. Each security domain may be referenced by a domain ID which identifies its location within the series. It is anticipated that each security domain may comprise a respective Certification Authority (CA) for keys issued within that security domain, and respective cryptographic features (including algorithms), either of which may be the same or different from those of other security domains within the series. Each security token issued under a given security domain is configured to enable a party to exchange trusted messages with another party who has a security token issued under the same security domain or either of at least the two neighboring security domains within the series.
With this arrangement, the service provider can implement new security domains as and when they deem to be appropriate. As each new security domain is implemented, the parties receiving tokens issued under the current security domain are able to exchange trusted messages with parties holding tokens issued under the current domain, the immediately previous domain, and the next domain in the series. This provides interoperability between successive security domains, while at the same time ensuring that the usefulness of tokens issued under older domains progressively diminishes, because parties holding older tokens cannot exchange secure messages with holders of tokens being issued under the current domain. As a result, even in an environment in which parties are not forced to log into a central server which can force token updates, each party has an incentive to update their token(s) to the current security domain to avoid obsolescence and consequent inability to exchange messaging with other parties in the secure system.
In some embodiments, tokens may be generated and downloaded to subscribers' communications devices, using methods known in the art. In such cases, the subscribers' token(s) may be updated from time to time, for example when the subscriber uses their token to log into a secure server. In other embodiments, tokens may be embedded within physical devices (eg. smart cards, etc.) which are then distributed to users. In such cases, a service provider may provide a service whereby a subscriber can update the token(s) embedded within their device, or alternatively enable a user to exchange an old device for a new one.
FIGS. 1 and 2 illustrate a secure system implementing aspects of the present invention. It will be noted that the illustrated system is based on public key cryptography, but those practiced in the art will understand that the same principles can be applied for the use of symmetric algorithms.
Referring to FIG. 1, a secure system comprises a host server (in this case maintained by a service provider) and a plurality of subscribers (four of which are illustrated), each of which are connected for communications through an un-trusted data network, such as the public internet. The host server maintains a sequential series of security domains, one of which is designated as the “current domain”.
In the illustrated embodiment, each security domain is referenced by a respective domain series ID, and includes a designated Certification Authority (CA) for that security domain, and a Public Key (PK) issued by the designated certification authority for that security domain. It is anticipated that, in most cases, the same Certification Authority may be designated for each security domain in the series, but this is not essential. In principle, each security domain in the series could have a different Certification Authority, if desired. However, in all cases, the Public Key (PK) issued by the designated certification authority for each security domain in the series must be unique, at least among the security domains in the series.
In operation, a new token is issued under the designated Current Domain, and includes: a respective unique token ID; respective Secret and Public Keys (SKx and PKx) unique to that token; a token public key certificate issued by the designated CA for that security domain; and the Public Keys [PK(nx)] of the current security domain as well as each of the immediately preceding and succeeding security domains in the series. In some embodiments, the token ID may include the domain series ID under which the token has been issued. In some embodiments, the public keys [PK(nx)] may be stored in the form of public key certificates. In the example of FIGS. 1 and 2, four representative subscribers (A-D) are illustrated, of which only Subscriber D holds a token issued under the presently designated Current Domain (n4). Each of Subscribers A-C hold older tokens which were issued when respective earlier domains of the series were designated as the current domain. Thus, Subscriber A has received a token issued under security domain “n1”, which includes the domain series ID (n1); a certificate [Pka by CA(n1)] issued by the CA of security domain n1; and the public keys [PK(n0), PK(n1), PK(n2)] of security domain n1 as well as of security domains n0 and n2. Subscriber B has received a token issued under security domain “n2”, which includes the domain series ID (n2); a certificate [Pkb by CA(n2)] issued by the CA of security domain n2; and the public keys [PK(n1), PK(n2), PK(n3)] of security domain n2 as well as of security domains n1 and n3. Subscriber C has received a token issued under security domain “n3”, which includes the domain series ID (n3); a certificate [Pkc by CA(n3)] issued by the CA of security domain n3; and the public keys [PK(n2), PK(n3), PK(n4)] of security domain n3 as well as of security domains n2 and n4. Subscriber D has received a token issued under security domain “n4” (the designated Current Domain, which includes the domain series ID (n4); a certificate [Pkd by CA(n4)] issued by the CA of security domain n4; and the public keys [PK(n3), PK(n4), PK(n5)] of security domain n4 as well as of security domains n3 and n5.
With this arrangement, Subscribers A and B can exchange messages, because the overlapping sets of CA public keys in each token enables Subscriber A's n1-domain token to validate messages received from Subscriber B, and Subscriber B's n2-domain token can validate messages received from Subscriber A. Subscriber B can exchange messages with both Subscriber A and Subscriber C, again because of the overlapping sets of CA public keys in each subscribers' token. Similarly, Subscriber C can exchange messages with both Subscriber B and Subscriber D. However, Subscriber B is unable to exchange messages with Subscriber D, and Subscriber A is unable to exchange messages with either Subscriber C or Subscriber D. As such, as each successive security domain in the series is made current, tokens issued under older security domains become progressively less useful, and are ultimately made obsolete.
FIG. 3 illustrates a possible message exchange scenario between Subscribers A and B. In this scenario, it is desired to send a trusted message from Subscriber A to Subscriber B. Thus, Subscriber A's communications device sends a challenge message containing an indication of the Domain Series ID of subscriber A's token. In some embodiments, the Domain Series ID may comprise part of the Subscriber A's token ID, but this is not essential. Upon receipt of the challenge message, Subscriber B's communications device can check the set of public keys contained in its token to determine whether or not it has a public key for Subscriber A's security domain (n1). In this case, the result of this verification check is “yes”, so Subscriber B's communications device returns a corresponding Ack(OK) message to Subscriber A. Upon receipt of the Ack (OK) message, Subscriber A's communications device can use its token to generate and send a cryptographically secured message, including Subscriber A's certificate to Subscribers B. Upon receipt of the secured message, Subscriber B's communications device can use its token to obtain the public key (PK(n1)] of Subscriber A's security domain and verify the certificate contained in the received message.
The challenger/response scenario described above with reference to FIG. 3 suffers limitations in that either a real-time connection must be set up between the sending and receiving parties, or else a complex delayed-transfer protocol is required to handle the message transfer in the absence of a real-time connection. As noted above, in some embodiments, the token ID can be designed to include the domain series ID of the domain under which the token was issued. For example, in one possible embodiment, the token ID may be formatted as a 15-bit data field, of which the first 11 bits uniquely identify the token, and the trailing 4 bits comprise the domain series ID. Other suitable formats will be readily apparent to those of ordinary skill in the art, and may be used as desired. Embedding the domain series ID into the token ID in this manner offers an advantage in that it is not necessary for the receiving party (subscriber B in the above example) to send a challenge message to the sending party, as described above with reference to FIG. 3. All that is required is that the sending party know the token ID of the intended recipient. This information may be passed to the sending party by any of a variety of means, and so avoids the need for a real time connection between the two parties, implicit in a challenge/response transaction.
FIG. 4 illustrates an alternative embodiment in which each new token issued under a given Current Domain includes: respective Secret and Public Keys (SKx and PKx) unique to that token; a certificate issued by the designated CA for that security domain; and the Public Keys [PK(nx)] of the current security domain, the next security domain and both of the previous two security domains. Thus, for example, Subscriber C's token includes the domain series ID (n3); a certificate [Pkc by CA(n3)] issued by the CA of security domain n3 as in the embodiment of FIGS. 1 and 2; but now has four public keys [PK(n1), PK(n2), PK(n3), PK(n4)] of security domains n1-n4. Similarly, Subscriber D's token has the domain series ID (n4); a certificate [Pkd by CA(n4)] issued by the CA of security domain n4, as in the embodiment of FIGS. 1 and 2; but now has four public keys [PK(n2), PK(n3), PK(n4), PK(n5)] of security domains n2-n5. With this arrangement, Subscriber A is able to send messages to Subscriber C because Subscriber C's token includes the Public Key [PK(n1)] of Subscriber A's security domain, but Subscriber A is not able to receive messages from of Subscriber C, because Subscriber A's token does not contain the Public Key [PK(n3)] of Subscriber C's security domain and so cannot recognize Subscriber C's certificate. Similarly, Subscriber B is able to send messages to Subscriber D, but cannot receive messages from Subscriber D. This arrangement is useful in that it provides a more progressive degradation in the usefulness of older tokens, because parties holding older tokens experience a reduced ability to communicate with parties holding tokens issued under the current security domain, rather than being cut off completely.
As noted above, a user's security token(s) may be updated by replacing their old token(s) with a new token issued under the current security domain. However, a service provider may choose to update security tokens under the current domain; that is, without implementing the next security domain in the series. For example, when a subscriber logs into a secure server, the user's security token may be modified by adding or deleting CA public keys, and thereby alter the ability of the user to exchange trusted messaging with users holding tokens issued under other security domains.
In some embodiments, the firmware controlling the processor 10 may be configured to pass token updates to other tokens. For example, as noted above, a user's security token may be updated or modified without changing the security domain. In such a case, the processor's firmware may operate to communicate information regarding the change to other tokens having the same domain series ID, for example in an encrypted field embedded within content transfer messages. Upon receipt of a content transfer message, the processor 10 may decrypt the field to extract the token change information, and, if appropriate, update the content of its own token accordingly.
The embodiment(s) of the invention described above is(are) intended to be exemplary only. The scope of the invention is therefore intended to be limited solely by the scope of the appended claims.

Claims (7)

I claim:
1. A method of controlling secure system, the method comprising:
a host server defining a series of security domains;
the host server sequentially designating each one of the series of security domains as a current domain, such that only one of the series of security domains is the current domain at any given time; and
the host server generating a plurality of security tokens under the current security domain, each security token being configured to enable a first party to exchange cryptographically secured messages with a second party that is holding a token generated under the current security domain; a third party that is holding a token generated under a next security domain in the series; and a fourth party that is holding a token generated under a previous security domain in the series.
2. The method as claimed in claim 1, wherein each security token is configured to enable a party to exchange cryptographically secured messages with another party that is holding a token generated under two previous security domains in the series.
3. The method as claimed in claim 1, wherein each security domain is defined using Public Key Infrastructure (PKI), and comprises a respective public key.
4. The method as claimed in claim 3, wherein each security token comprises the respective public key of each one of the current security domain; the next security domain in the series; and the previous security domain in the series.
5. The method as claimed in claim 4, wherein each security token further comprises the respective public key of a second previous security domain in the series.
6. The method as claimed in claim 1, further comprising automatically updating a user's security token when the user logs into a secure server.
7. A non-transitory computer-readable medium comprising machine-readable software instructions for controlling a computer to implement the method of claim 1.
US13/360,337 2011-01-28 2012-01-27 Controlled security domains Expired - Fee Related US8699710B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US13/360,337 US8699710B2 (en) 2011-01-28 2012-01-27 Controlled security domains

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201161437147P 2011-01-28 2011-01-28
US13/360,337 US8699710B2 (en) 2011-01-28 2012-01-27 Controlled security domains

Publications (2)

Publication Number Publication Date
US20120257751A1 US20120257751A1 (en) 2012-10-11
US8699710B2 true US8699710B2 (en) 2014-04-15

Family

ID=46580160

Family Applications (1)

Application Number Title Priority Date Filing Date
US13/360,337 Expired - Fee Related US8699710B2 (en) 2011-01-28 2012-01-27 Controlled security domains

Country Status (8)

Country Link
US (1) US8699710B2 (en)
EP (1) EP2668737A4 (en)
JP (1) JP6175600B2 (en)
KR (1) KR101690093B1 (en)
CN (1) CN103416020B (en)
AU (1) AU2012210978B2 (en)
CA (1) CA2824696A1 (en)
WO (1) WO2012100352A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2831802B1 (en) * 2012-03-26 2020-04-22 Assa Abloy Ab Field revisions for a personal security device
US10897360B2 (en) * 2017-01-26 2021-01-19 Microsoft Technology Licensing, Llc Addressing a trusted execution environment using clean room provisioning
US11838284B2 (en) * 2020-02-03 2023-12-05 T-Mobile Usa, Inc. Cross-domain proof-of-possession

Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020031230A1 (en) * 2000-08-15 2002-03-14 Sweet William B. Method and apparatus for a web-based application service model for security management
US20020062451A1 (en) * 1998-09-01 2002-05-23 Scheidt Edward M. System and method of providing communication security
US7103784B1 (en) * 2000-05-05 2006-09-05 Microsoft Corporation Group types for administration of networks
US20060218628A1 (en) * 2005-03-22 2006-09-28 Hinton Heather M Method and system for enhanced federated single logout
US20060242407A1 (en) * 2004-07-29 2006-10-26 Kimmel Gerald D Cryptographic key management
US7130998B2 (en) * 2004-10-14 2006-10-31 Palo Alto Research Center, Inc. Using a portable security token to facilitate cross-certification between certification authorities
US20080022381A1 (en) * 2002-12-18 2008-01-24 Eric Le Saint Uniform framework for security tokens
US20090198997A1 (en) * 2006-11-20 2009-08-06 Tet Hin Yeap System and method for secure electronic communication services
US20090228969A1 (en) * 2002-10-31 2009-09-10 Microsoft Corporation Selective Cross-Realm Authentication
US20100049968A1 (en) * 2007-03-30 2010-02-25 Theo Dimitrakos Computer network
US7788484B2 (en) * 2005-11-30 2010-08-31 Microsoft Corporation Using hierarchical identity based cryptography for authenticating outbound mail
US8037298B2 (en) * 2008-01-31 2011-10-11 Park Avenue Capital LLC System and method for providing security via a top level domain
US20120089833A1 (en) * 2010-10-08 2012-04-12 Microsoft Corporation Secure deployment of provable identity for dynamic application environments

Family Cites Families (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7065210B1 (en) * 1999-01-25 2006-06-20 Murata Kikai Kabushiki Kaisha Secret key generation method, encryption method, cryptographic communications method, common key generator, cryptographic communications system, and recording media
JP3588042B2 (en) * 2000-08-30 2004-11-10 株式会社日立製作所 Certificate validity checking method and device
US20020071563A1 (en) * 2000-12-12 2002-06-13 Kurn David Michael Method and apparatus for cryptographic key rollover during operation
JP2001242785A (en) * 2001-04-20 2001-09-07 Ntt Data Corp Digital signature system
US6886096B2 (en) * 2002-11-14 2005-04-26 Voltage Security, Inc. Identity-based encryption system
JP2004166154A (en) * 2002-11-15 2004-06-10 Nec Corp Key control system for multicast distribution
WO2004093381A1 (en) * 2003-04-16 2004-10-28 Telefonaktiebolaget Lm Ericsson (Publ) Authentication method
JP3894181B2 (en) * 2003-10-10 2007-03-14 株式会社日立製作所 Method and apparatus for speeding up public key certificate verification
BRPI0415314B8 (en) * 2003-10-14 2018-05-02 Magnus Nystroem method and arrangement for managing generations of security code information in an information environment, and consumer and security code producing entities in an information environment
US7620187B1 (en) * 2005-03-30 2009-11-17 Rockwell Collins, Inc. Method and apparatus for ad hoc cryptographic key transfer
JP4635855B2 (en) * 2005-12-13 2011-02-23 株式会社日立製作所 Data communication method and system
CN100546245C (en) * 2006-01-11 2009-09-30 西安电子科技大学 Stride the network authentication and the method for distributing key of security domain
JP4270219B2 (en) * 2006-03-31 2009-05-27 ブラザー工業株式会社 COMMUNICATION SYSTEM, SERVER DEVICE, AND PROGRAM
JP4594962B2 (en) * 2007-06-04 2010-12-08 株式会社日立製作所 Verification server, program, and verification method
JP5077186B2 (en) * 2008-10-17 2012-11-21 富士通株式会社 COMMUNICATION DEVICE, COMMUNICATION METHOD, AND COMMUNICATION PROGRAM
JP5329184B2 (en) * 2008-11-12 2013-10-30 株式会社日立製作所 Public key certificate verification method and verification server

Patent Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020062451A1 (en) * 1998-09-01 2002-05-23 Scheidt Edward M. System and method of providing communication security
US7103784B1 (en) * 2000-05-05 2006-09-05 Microsoft Corporation Group types for administration of networks
US20020031230A1 (en) * 2000-08-15 2002-03-14 Sweet William B. Method and apparatus for a web-based application service model for security management
US20090228969A1 (en) * 2002-10-31 2009-09-10 Microsoft Corporation Selective Cross-Realm Authentication
US20080022381A1 (en) * 2002-12-18 2008-01-24 Eric Le Saint Uniform framework for security tokens
US20060242407A1 (en) * 2004-07-29 2006-10-26 Kimmel Gerald D Cryptographic key management
US7130998B2 (en) * 2004-10-14 2006-10-31 Palo Alto Research Center, Inc. Using a portable security token to facilitate cross-certification between certification authorities
US20060218628A1 (en) * 2005-03-22 2006-09-28 Hinton Heather M Method and system for enhanced federated single logout
US7788484B2 (en) * 2005-11-30 2010-08-31 Microsoft Corporation Using hierarchical identity based cryptography for authenticating outbound mail
US20090198997A1 (en) * 2006-11-20 2009-08-06 Tet Hin Yeap System and method for secure electronic communication services
US20100049968A1 (en) * 2007-03-30 2010-02-25 Theo Dimitrakos Computer network
US8037298B2 (en) * 2008-01-31 2011-10-11 Park Avenue Capital LLC System and method for providing security via a top level domain
US20120089833A1 (en) * 2010-10-08 2012-04-12 Microsoft Corporation Secure deployment of provable identity for dynamic application environments

Also Published As

Publication number Publication date
CN103416020B (en) 2015-12-23
KR20140004703A (en) 2014-01-13
CN103416020A (en) 2013-11-27
JP6175600B2 (en) 2017-08-09
KR101690093B1 (en) 2016-12-27
EP2668737A4 (en) 2016-01-06
AU2012210978B2 (en) 2015-11-26
JP2014504120A (en) 2014-02-13
AU2012210978A1 (en) 2013-08-01
US20120257751A1 (en) 2012-10-11
WO2012100352A1 (en) 2012-08-02
CA2824696A1 (en) 2012-08-02
EP2668737A1 (en) 2013-12-04

Similar Documents

Publication Publication Date Title
JP7119040B2 (en) Data transmission method, device and system
CN113691560B (en) Data transmission method, method for controlling data use, and cryptographic device
US9219607B2 (en) Provisioning sensitive data into third party
US20200320178A1 (en) Digital rights management authorization token pairing
CN103248479A (en) Cloud storage safety system, data protection method and data sharing method
US11316685B1 (en) Systems and methods for encrypted content management
CN110933484A (en) Management method and device of wireless screen projection equipment
CN109525565B (en) Defense method and system for short message interception attack
CN110493367B (en) Address-free IPv6 non-public server, client and communication method
US8006249B2 (en) Method of implementing a state tracking mechanism in a communications session between a server and a client system
CN110662091A (en) Third-party live video access method, storage medium, electronic device and system
CN114731273A (en) Cryptographically secure data protection
US20230132485A1 (en) System for Thin Client Devices in Hybrid Edge Cloud Systems
US20120155647A1 (en) Cryptographic devices & methods
US20240064143A1 (en) Methods, mediums, and systems for verifying devices in an encrypted messaging system
US8699710B2 (en) Controlled security domains
US11658955B1 (en) Methods, mediums, and systems for verifying devices in an encrypted messaging system
US11743035B2 (en) Methods, mediums, and systems for verifying devices in an encrypted messaging system
JP7191999B2 (en) Mini-program package transmission method, apparatus, electronics computer readable medium and computer program product
KR102413497B1 (en) Systems and methods for secure electronic data transmission
US11843636B1 (en) Methods, mediums, and systems for verifying devices in an encrypted messaging system
US11570008B2 (en) Pseudonym credential configuration method and apparatus
CN110225011B (en) Authentication method and device for user node and computer readable storage medium
Madhuri et al. Data Migration Techniques in Cloud
CN104901932A (en) Secure login method based on CPK (Combined Public Key Cryptosystem) identity authentication technology

Legal Events

Date Code Title Description
AS Assignment

Owner name: ROYAL CANADIAN MINT/MONNAIE ROYALE CANADIENNE, CAN

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:EVERETT, DAVID;REEL/FRAME:027939/0011

Effective date: 20110209

AS Assignment

Owner name: LOYALTY PAYS HOLDINGS CORPORATION, CANADA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:ROYAL CANADIAN MINT;REEL/FRAME:037581/0811

Effective date: 20151223

FEPP Fee payment procedure

Free format text: MAINTENANCE FEE REMINDER MAILED (ORIGINAL EVENT CODE: REM.)

LAPS Lapse for failure to pay maintenance fees

Free format text: PATENT EXPIRED FOR FAILURE TO PAY MAINTENANCE FEES (ORIGINAL EVENT CODE: EXP.)

STCH Information on status: patent discontinuation

Free format text: PATENT EXPIRED DUE TO NONPAYMENT OF MAINTENANCE FEES UNDER 37 CFR 1.362

FP Expired due to failure to pay maintenance fee

Effective date: 20180415